{# Config for eBGP endpoints #}
{% for ri in device_abstract_config.get("routing_instances", []) %}
set groups {{cfg_group}} routing-instances {{ri.name}} instance-type {{ri.routing_instance_type}}
{%     for lo_intf in ri.get('loopback_interfaces',[]) %}
set groups {{cfg_group}} routing-instances {{ri.name}} interface {{lo_intf.name}}
{%     endfor %}
{%     for intf in ri.get('routing_interfaces',[]) %}
set groups {{cfg_group}} routing-instances {{ri.name}} interface {{intf.name}}
{%     endfor %}
{%     if 'bgp' in ri.get('protocols',[]) %}
{%         for bgp in ri.protocols.bgp %}
set groups {{cfg_group}} routing-instances {{ri.name}} protocols bgp group {{bgp.name}} type {{bgp.type_}}
set groups {{cfg_group}} routing-instances {{ri.name}} protocols bgp group {{bgp.name}} local-address {{bgp.ip_address}}
set groups {{cfg_group}} routing-instances {{ri.name}} protocols bgp group {{bgp.name}} local-as {{bgp.autonomous_system}}
{%             for peer in bgp.get('peers',[]) %}
set groups {{cfg_group}} routing-instances {{ri.name}} protocols bgp group {{bgp.name}} peer-as {{peer.autonomous_system}}
set groups {{cfg_group}} routing-instances {{ri.name}} protocols bgp group {{bgp.name}} neighbor {{peer.ip_address}}
{%                 if peer.get('comment','') %}
set groups {{cfg_group}} routing-instances {{ri.name}} protocols bgp group {{bgp.name}} neighbor {{peer.ip_address}} description "{{peer.comment}}"
{%                 endif %}{# peer.get('comment','') #}
{%             endfor %}{# for bgp.get('peers',[]) #}
{%         endfor %}{# for ri_proto.get('bgp',[]) #}
{%     endif %}{# if 'bgp' in ri.get('protocols',[]) #}
{% endfor %}{# for device_abstract_config.get("routing_instances", []) #}

{# Config for advertising 0/0 from SRX to QFX #}
{% for ri in device_abstract_config.get('routing_instances', []) %}
set groups {{cfg_group}} policy-options policy-statement aggregate_contribute term t1 from protocol direct
set groups {{cfg_group}} policy-options policy-statement aggregate_contribute term t1 from route-filter 0.0.0.0/0 prefix-length-range /32-/32
set groups {{cfg_group}} policy-options policy-statement aggregate_contribute term t1 then accept
set groups {{cfg_group}} policy-options policy-statement aggregate_contribute term t2 then reject
set groups {{cfg_group}} policy-options policy-statement from_aggregate term AGGR from protocol aggregate
set groups {{cfg_group}} policy-options policy-statement from_aggregate term AGGR then accept
set groups {{cfg_group}} routing-instances {{ri.name}} routing-options aggregate route 0.0.0.0/0 policy aggregate_contribute
{%     if 'bgp' in ri.get('protocols',[]) %}
{%         for bgp in ri.protocols.bgp %}
set groups {{cfg_group}} routing-instances {{ri.name}} protocols bgp group {{bgp.name}} export from_aggregate
{%         endfor %}{# for ri_proto.get('bgp') #}
{%     endif %}{# if 'bgp' in ri.get('protocols',[]) #}
{% endfor %}{# for device_abstract_config.get('routing_instances', []) #}

{# Config for adding service VLANs to tenants for service chaining #}
{% for ifd in device_abstract_config.get('physical_interfaces', []) %}
{%     if ifd.get('interface_type','') == 'service' %}
{%         for ifl in ifd.get('logical_interfaces', []) %}
set groups {{cfg_group}} interfaces {{ifd.name}} unit {{ifl.unit}} vlan-id {{ifl.vlan_tag}}
set groups {{cfg_group}} interfaces {{ifd.name}} unit {{ifl.unit}} family inet address {{ifl.ip_list[0]}}
set groups {{cfg_group}} interfaces {{ifd.name}} vlan-tagging
{%         endfor %}{# ifd.get('logical_interfaces', []) #}
{%     endif %}{# ifd.get('interface_type','') #}
{% endfor %}{# device_abstract_config.get('physical_interfaces', []) #}

{# Config for security zone and security policy (Allow All) #}
{% set sp = device_abstract_config.get("security_policies", []) %}
{% set sz = device_abstract_config.get("security_zones", []) %}
{% for i in range(sp | length) %}
set groups {{cfg_group}} security policies from-zone {{sp[i].get("from_zone")}} to-zone {{sp[i].get("to_zone")}} policy open-all match source-address any
set groups {{cfg_group}} security policies from-zone {{sp[i].get("from_zone")}} to-zone {{sp[i].get("to_zone")}} policy open-all match destination-address any
set groups {{cfg_group}} security policies from-zone {{sp[i].get("from_zone")}} to-zone {{sp[i].get("to_zone")}} policy open-all match application any
set groups {{cfg_group}} security policies from-zone {{sp[i].get("from_zone")}} to-zone {{sp[i].get("to_zone")}} policy open-all then permit
set groups {{cfg_group}} security policies policy-rematch
{% endfor %}

{% for i in range(sz | length) %}
{% set intfs = sz[i].get("interfaces") %}
{%   for j in range(intfs | length) %}
set groups {{cfg_group}} security zones security-zone {{sz[i].get("name")}} interfaces {{intfs[j].get("name")}} host-inbound-traffic system-services ping
set groups {{cfg_group}} security zones security-zone {{sz[i].get("name")}} interfaces {{intfs[j].get("name")}} host-inbound-traffic system-services traceroute
set groups {{cfg_group}} security zones security-zone {{sz[i].get("name")}} interfaces {{intfs[j].get("name")}} host-inbound-traffic system-services dhcp
set groups {{cfg_group}} security zones security-zone {{sz[i].get("name")}} interfaces {{intfs[j].get("name")}} host-inbound-traffic protocols bgp
set groups {{cfg_group}} security zones security-zone {{sz[i].get("name")}} interfaces {{intfs[j].get("name")}} host-inbound-traffic protocols bfd
set groups {{cfg_group}} security zones security-zone {{sz[i].get("name")}} interfaces {{intfs[j].get("name")}} host-inbound-traffic protocols pim
{%  endfor %}
{% endfor %}
